Reforming NSA’s bulk collection: A tale of two proposals

Late last night, the Obama team leaked to The New York Times its proposed alternative to the existing NSA bulk counter-terrorism telephony collection program. In contrast with the current program in which NSA retains phone records for five years and whose numbers can be cross-checked with possible terrorist numbers approved by the Foreign Surveillance Court, the new program would, according to the Times, have phone records “stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the NSA could obtain specific records only with permission from a judge, using a new kind of court order.”

The leak of the administration’s proposal appears to have been generated to get ahead of a bipartisan proposal set to be unveiled today by House intelligence committee chairman Mike Rogers (R-MI) and the ranking member “Dutch” Ruppersberger (D-MD). According to the Wall Street Journal, under their proposal “a phone company would search its databases for a phone number under an individual ‘directive’ it would receive from the government. It would send the NSA a list of numbers called from that phone number, and possibly lists of phone numbers those numbers had called. A directive also could order a phone company to search its database for such calls as future records come in.” In addition, the congressmen’s proposal would be more inclusive, covering both land-line and cell-phone made calls. (At present, the vast majority of the current telephony bulk collection covers only the former.) And finally, after each directive was made to the companies by NSA, a copy of the directive would be sent to the Foreign Surveillance Court for its review.

What the two proposals share of course is moving the storage of the telephony data out from under the government’s hands. And what they also share apparently is no requirement by the companies to keep that data for any longer than they normally would; that is, no one is requiring the companies to spend monies to build extra storage capacity. Ironically, this means American companies will have less responsibility in this matter than European communication providers who are required by the European Union to retain all data for up to two years for their various security services’ inspection.

Where the two proposals appear to differ most directly is the role each sees being played by the Foreign Surveillance Court. Under the administration’s plan, the court will have a direct and prior say in whether a search of numbers can go forward; that is, it gets to play “the judge” in what is essentially an executive decision. Under the Rogers-Ruppersberger proposal, the intelligence community is given the discretion to act as decisively as it can with the only caveat being the court will, after the fact, review whether it has acted properly or not—perhaps a small difference to some but, nonetheless, a significant distinction for those who care about the principle of “separation of powers.”

Both proposals will need to be passed by Congress and signed into law by the President. Given how little “bully pulpit” President Obama has used to talk about this issue, there are significant doubts that any bill will find a majority at present—meaning that current program will probably stay in place until perhaps even 2015 when, because of sunset provisions in the Patriot Act, the legal mandate for the bulk collection program will simply expire.